Jurisdictions throughout the world are seeking to keep up with privacy concerns of their citizens as information technology grows ever more complex and ubiquitous. For example, the European Union's General Data Protection Regulation (GDPR) (applicable from May 2018) sets forth mandates that require valid and explicit consent for data collected, a purpose for the collection of such data, a right to erasure of data, and a right to the portability of personal data between electronic processing systems. New mandates by governments present increased challenges for businesses and service providers to not only comply with such protections, but also to identify and anticipate the effects of such protections, and ensure customer satisfaction regarding data use and privacy—sometimes providing guarantees that a service provider handling data is absolutely incapable of viewing data without secure identification and consent from the user.
In the United States, no current comprehensive legislation exists that seeks to regulate the acquisition, storage, and use of personal data. However, compliance with international safe harbor privacy principles has traditionally provided a means for U.S. companies to integrate privacy restrictions with European companies, and new directives considered under the EU-US Privacy Shield seek to establish regulatory consistency, such as agreements relating to data deletion, mass data gathering, and Ombudsman mechanisms. Additionally, Asian nations have adopted or are quickly adopting comprehensive “European-style” personal data protections. Thus, the general trend of worldwide regulation is geared towards not only alleviating privacy concerns of citizens, but also protecting businesses and citizens alike from reprehensible black hat hacking attacks.
Imperative to establishing personal data privacy guarantees is the trusted encryption of data being transmitted over unsecured networks. Public key and private key cipher algorithms offer solutions to data encryption when privacy is a fundamental concern. In such cryptographic systems, public keys may be disseminated widely while private keys are known only to the owner. Encryption schemes typically involve a large random number that is passed through a key generation algorithm, built on a hard mathematical problem (e.g., factoring the product of two large primes, or computing discrete logarithms), to generate an asymmetric public key/private key pair in which the private key is not deducible from the public key. Typically, the public key, which can be widely disseminated, is utilized to encrypt data, whereas the private key, held in secured storage, is utilized to decrypt the encrypted data. Thus, once data is encrypted using a given public key, it cannot be decrypted without the paired private key. In order to provide increased guarantees to consumers, companies can provide security assurances based on general best practice recommendations where security protections and control processes can be validated by multiple independent third-party entities.